As newer software engineering technologies, such as Service-Oriented Architecture (SOA), become the basis for mission-critical systems, they must include security as a foundational capability. This paper highlights security concepts relevant to using SOA as a foundation for a Common Operating Environment (COE), i.e., a set of infrastructure and common services for developing and executing applications across multiple platforms. We present and motivate security needs, tradeoffs, and solutions in the various layers of a SOA-based COE, including 1) the network, 2) computational platforms, and 3) the common software infrastructure consisting of a SOA stack, common services, and applications. We also discuss cross cutting aspects of security such as survivability, transparency, flexibility, specificity, reuse, and assurance. We then explore security standards and requirements for mission-critical systems developed on top of a SOA-based COE and security technologies that are candidates for satisfying the requirements. The paper closes with a set of recommendations and steps forward for both research into and implementation of security in a SOA-based COE.